The Splunk Add-Ons manual includes an Installing add-ons guide that helps you successfully install any Splunk-supported add-on to your Splunk platform.

If you don't plan on getting the ES app then I would look into the DBconnect app to connect to the McAfee ePO database and pull the required data. The audit events are easy and in a single table so start with that; looking at the SQL the ES app uses to pull event/threat data, it's a very complicated query with many tables.

In a distributed deployment, this add-on must be deployed to these tiers in order for all functionality included in the add-on to work. This table describes the compatibility of this add-on with Splunk distributed deployment features.

If you are using a heavy forwarder, you must install McAfee ePO Syslog.

Distributed deployment feature compatibility

The add-on must be installed on indexers if you use universal or light forwarders for data collection. Install this add-on to all search heads where McAfee ePO Syslog knowledge management is required. This table provides a reference for installing this specific add-on to a distributed deployment of the Splunk platform. See Where to install Splunk add-ons in Splunk Add-ons for more information.

In a distributed deployment, this add-on must be deployed to all tiers in order to use all functionality. Depending on your environment, your preferences, and the requirements of the add-on, you may need to install the add-on in multiple places. Use the tables in this topic to determine where and how to install this add-on in a distributed deployment of Splunk Enterprise or any deployment for which you are using forwarders. If you need step-by-step instructions on how to install an add-on in your specific deployment environment, see the installation walkthroughs section at the bottom of this page for links to installation instructions specific to Splunk Cloud, distributed deployment, or a single-instance deployment.
- Perform any prerequisite steps before installing, if required and specified in the tables below.
- Determine where and how to install this add-on in your deployment, using the tables on this page.
- Download the Splunk Add-on for McAfee ePO Syslog at Splunk Add-on for McAfee ePO Syslog from Splunkbase.
- Install the Splunk Add-on for McAfee ePO Syslog.